Pittsburgh Techfest Slides

Published on June 15, 2015 by in Events

I recently presented a session at the Pittsburgh Techfest on Hardening SQL Server. Thanks to everyone who attended my session. Below please find the slide deck.


 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Upcoming Speaking Engagements

Just when I thought my year was effectively over in terms of public speaking, I was asked to present my PASS Summit 2014 talk on “The Professional Networking Toolbox” for the PASS Professional Development Virtual Chapter. It’s been  exactly two years since I last spoke at the Prof Dev VC so I readily accepted. I will be speaking on December 10th at Noon Eastern Time. I hope you can make it

Online Meeting URL :

There is no RSVP necessary.

I was also approached by the Northeast Ohio Information Security Forum to see if I would be interested in speaking on SQL Server Security. Earlier in the year I had presented for the local ISC2 Chapter and they were interested in hearing the talk as well. The presentation is “10 Tips Toward better SQL Server Security”  I’ll be speaking on December 17th at 6:30PM at Freedom Square III 4511 Rockside Rd., Independence, Ohio. I hope to see you there.



 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

PASS Summit 2014 Recap

Published on November 17, 2014 by in PASS

I recently returned from my annual trip to the PASS Summit. This week long adventure is always exhilarating and exhausting at the same time. Some thoughts on the Summit this year (in no particular order):

  • Dining Hall / Community Zone / Exhibit Hall layout really worked this year. Abandoning the South Lobby was a great idea and eliminated the traffic jams of yesteryear. I think it was this way in 2012 but everyone finally realized that it just makes sense for traffic flow.
  • Chapter Lunch on Wednesday. I am sad to see that this was killed off this year. This was the time each year that I could meet people from my hometown who did not attend the local user group. Historically, this has always been a good example of the disconnect between PASS and the local user groups. I’m sad to see the Board took the easy way out and chose to hide the defect instead of addressing it.
  • Speaker Idol was a great idea by Denny Cherry and well executed.  I sat in on part of one session and the judges were serious and offered constructive criticism and praise where it was due. I would have hoped that there be an official member of the Program Committee involved as a judge because there was a 2015 Summit speaker slot was up for grabs.
  • Bring back Don Gabor. I heard that the First Timers Networking sessions were done by Board Members. Nothing wrong with that but Don Gabor is a professional networking speaker and conversationalist. He does a great job of inspiring people on the value of networking. Let the expert work his magic.
  • Sheer Volume. It’s getting harder to see everyone as the attendance hit an all time high of 5,900. There were several people I wanted to talk to but didn’t run into for logistical reasons.
  • Security more in evidence that ever before. There were a lot of rent-a-cops everywhere. I guess it’s a sign of the dangerous and paranoid world we now live in.
  • Sessions per day. I only attended one or two sessions per day (including my own). The value I get from the Summit, at this point my career; is the face time, networking, and lasting relationships with other professionals. You don’t get that sitting in sessions.  Buy the recordings and watch them during the Winter. That’s what I do.
  • Board Q&A. Due to a last minute schedule change I was unable to attend the Board Q&A. I was looking forward to asking some of my friend Andy Warren’s questions plus some of my own.
  • Networking Sessions should be expanded to anyone who wants to attend; not just First Timers. Have a session late Tuesday, say 4PM-5PM for people looking to expand their networking skills. Plenty of Alumni need help too.
  • Idea: Networking Prep Session one month before PASS Summit 2015. I see value here, across the board.
  • Come in early and relax a day before the carnage begins. This year I flew in Sunday and attended the Red-Gate SQL in the City on Monday. It went well as Red-Gate always puts on a good event.  Tuesday I relaxed and worked on my presentations.
  • Umbrella. It was rainier than usual this year and I was lucky to have my SQL Saturday Columbus umbrella handy this year. It fit perfectly in my pocket.
  • Room usage. Room allocation seemed better this year. I don’t know if this was a result of Dev Nambi’s predictive analytics work or blind luck but it was better than last year in Charlotte.
  • Business Cards. I continue to see 40-50% of people I meet who do not have business cards. This surprises me, especially many senior level people I ran across who did not have them.  I have been banging on this drum for a while now. I guess I need to bang harder and louder. Business Cards are an awesome networking tool.
  • Program Committee Lunch. I was invited to a quiet lunch with Program Committee Managers and Team Leads. This worked very well, as we were able to talk strategy for next year. Face Time counts for a lot here, even if for only an hour or so because most of the time we communicate via email.
  • My Sessions. I had a lightning talk on Wednesday on Upgrading SQL Server. It went well. My session on Thursday was “Your Professional Networking Toolbox”. I had about 15-20 attendees, not bad for being up against Bob Ward with his 500 level session. The attendees I had wanted to be there and I could tell by the reactions and enthusiasm for the topic.

It was the best Summit ever and I can’t wait for next year!


 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
3 Comments  comments 

Presenting at the 2014 PASS Summit

Published on November 1, 2014 by in PASS, Presenting

I’m just amazed that in less than 24 hours I will be in Seattle getting ready for the 2014 PASS Summit. This event is the largest SQL Server Conference in the world. I think attendance is somewhere around 6,000 from around the world.

I was honored to be selected to present on two topics:

The Professional Networking Toolbox (Regular Session)

This session is a hybrid of sessions I have done in the past. I used to have a pure Professional Networking presentation and it morphed into the LinkedIn for SQL Server Professionals presentation, that I did at the PASS Summit in 2012. There’s plenty of new content and information for the IT Professional on how to build their soft skills and build a strong network. I’d love to have you attend, and explain some of my ideas on networking for IT Pros. Even if you can’t make it, flag me down in the hall at the Summit and I’d be happy to spend some time with you talking about it.

 Lightning Talks 101

I’ll be presenting a 10 minute Lightning talk on Wednesday. 10 Tips on Upgrading SQL Server in 10 Minutes. This is a condensed version of a talk I used to give on Upgrading SQL Server.

The PASS Summit 2014 is my 6th Summit.  I attended in 2007 and 2008 then sat out 2009 -2010. I have been attending since 2011 and will never sit out again. I have presented Regular Sessions in 2012 and Lightning Talks in 2011 and 2013.

The Summit is always a special event for me each year.  I have many friends that I have met at and only see once a year at the PASS Summit. I hope to meet you and make your acquaintance.





 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Information Security Summit PreCon Recap

I have just completed teaching my 1st ever PreCon training event at the Information Security Summit. Earlier this year I resolved it to make this a reality and present on SQL Server Security. It has been a lot of work, consuming all of my spare time the past four months. Some thoughts in no particular order:

– I had 10 students. I was pleasantly surprised to see that many sign up. When I pitched this idea to my friend Gary Sheehan, CSO of the Information Security Summit over a year ago, we didn’t know if anyone would even show up.  We thought there was a hole there between the the SQL Server DBA world and the Security/Compliance/Audit Professional world in terms of training/education but were not sure what it might look like. This was an exercise in throwing something at the wall and see what sticks. I still believe this core tenet of bridging the gap remains valid but the message/content needs fine tuned.

– Attendee break out. I was even further surprised to see that the attendees were about evenly split out between SQL Server DBAs and IT Security/Audit/Compliance Professionals.  We had some interesting discussions and I think that was very helpful.

-Gigabyte Brix. My Demo Platform was a Gigabyte Brix ultra mini PC connected via a switch. It sounded like a good idea when I bought it but it was too complicated. I underestimated the complexity of the care and feeding of it. Powerful device but overkill for what I needed it for.

– Separation of Duties. I included a module on Separation of Duties. It wasn’t very well received. Maybe because of after lunch, I’m not sure.  The demos were a dismal failure and I gave up and retreated.

-Dress Up. I believe in overdressing a little bit and I wore a tie.

-Printed book. I had the course materials printed and bound into a mini book. It was very well received, with many positive comments on the quality. I also received positive comments from other attendees later on at the Summit itself so I guess it made a splash.

-USB Drive. I also supplied the course materials electronically on a cheap USB drive. Nothing to download. It was also a hit.

-Older versions of SQL Server. One recurring theme we discussed was the prevalence of older versions of SQL Server, even SQL Server 2000 in the real world. I’m not surprised with this. Part of the aim of some of material presented was to use older techniques as a “Stop-Gap” measure to achieve partial compliance.

-ISV / 3rd party applications. Another great discussion item that everyone had horror stories on is that many 3rd party applications are replete with security holes and poor on compliance in general.

-Prize giveaway. This was a big hit and I’m glad it worked out.

-Too much material. We didn’t get through the material and there was too much of it. This course could be a two day class. Some of the attendees even said so.

-Weak Demos. I didn’t spend enough time preparing for Demos and it showed.  About half of the demos either were cut short due to failure or time constraints.  I will follow Kevin Kline’s advice and Record my demos next time.

-Content balance. The content was too technical for Security/Audit/Compliance professionals.  I suspected this might be a problem but didn’t fully realize it until I looked at my audience.  By then it was too late. Several comments made indicated a high-level day would be desirable and a deep dive day. That’s really an indication that there’s two different audiences here and that a one size fits all approach cannot and will not work.

-Content focus. The initial focus vector was operational security for SQL Server. I later expanded it to include Regulatory Compliance topics like HIPAA and PCI-DSS and at the last minute added in short modules on SQL Injection and Securing the Platform for completeness. This led to a shotgun approach that lacked cohesion.  Trying to please too many people here.

In spite of all of the above. I have to declare this event a victory. This was a major personal and professional goal for me this year and I’m happy to have done it. I also learned a lot doing it. If you attended the event, I appreciate your coming and I hope you learned something.



 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Auditing in SQL Server Slides and Sample Code

Thanks to everyone who attended my presentation today at the Information Security Summit. As promised, attached  is the slide deck and sample code. The sample code needs to be opened as a Solution inside of Management Studio.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Information Security Summit PreCon

I will be teaching a one day Pre-Con session as part of the Information Security Summit 2014.  If you are a SQL Server DBA or Security Professional I urge you to check it out.

I have been a volunteer and supporter of the Information Security Summit for several years now. It is a good organization, run by good people, who want to do the right thing, and educate security professionals at a reasonable cost. Last year the event sold out at over 600 attendees over two days and was basically limited by building fire code. I predict this year will be pretty much the same.

So what about my Pre-Con? I have discussed SQL Server Security with some colleagues both on the SQL Server side and Security Professionals who all have indicated that there is a need for SQL Server Security education. Earlier this year I resolved to present a Pre-Con at the ISS. So my focus for the past 6 months has been building , researching and preparing to deliver the workshop.

Take a look at the outline. It’s SQL Server security content mainly aimed at Security Professionals and Practitioners in the context of Regulatory Compliance.  But if you are a Professional DBA, there will be lots of challenging material as well. In fact, I hope to pair up “teams” of Security Professionals and Database Administrators in the class to maximize learning opportunities and team building.

I hope to see you at the Pre-Con and if not, I will be presenting a session on Auditing in SQL Server on Friday October 31st at the ISS.



 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
4 Comments  comments 

Dog Food Conference 2014 Call for Speakers

Published on June 10, 2014 by in DogFoodCon

Earlier in the year, I was invited to participate in the steering committee for Dog Food Con as a SQL/BI track owner.  This Microsoft technology focused event will be hosted at the Quest Conference Center in Columbus, Ohio on September 29-30, 2014. The event last year had 585 attendees over 2 days. We are targeting 800 attendees this year.

A few days ago, the Call for Speakers was announced. We are looking for abstracts on Microsoft technologies like Powershell, SQL Server / Business Intelligence, Windows 8.1, Hyper-V, Exchange, Sharepoint, Lync and many others.  Special topics we are hoping to have presenters on this year include:

  • Office on the iPad
  • Project Roslyn and .NET open source Foundation
  • Hosting DNN, WordPress, Linux,  or Oracle on Azure
  • GitHub integration with TFS

The call for speakers will be open until July 9. Speakers will be notified on July 14. Please consider submitting an abstract paper today.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Akron AITP April Meeting Recap

Published on May 1, 2014 by in Uncategorized
  • Meeting began at 6PM. There was a little networking going on and we started a few minutes before 6:30. Food was typical fare, sandwiches, veggies and fruit.
  • Guest speaker was Keith Mayer, a technical evangelist for Microsoft. I’ve known Keith for a few years now so it was good to catch up a little.
  • Topic was DevOps with Azure. The promise of DevOps is to let IT pros into the Dev Circle, and also to let Devs into the IT Pro land, all in the name of delivering solutions to the business faster.  Cross pollination, I guess. But I’m skeptical. Sounds an awful lot like RAD (Rapid Application Development) from my college days. Keith did a good job with the content, although I’m not convinced Microsoft isn’t just hanging on to the next buzzword using that to push Azure.
  • Attendance was 16, a little down from last month, where it was somewhere north of 20 I think.
  • Areas to improve: The pre-meeting should be called out on the agenda, with an encouragement towards networking.  Maybe have the soft drinks out early and do a mini bingo card or something to encourage people to mingle.

On my way out, I heard that next month is Bob Coppedge speaking on Google Glass. Should be a good one, as Bob is always an entertaining speaker. Hope to see you then.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Upcoming Events

I’ll be presenting at a couple of IT Pro events in the next couple of months: First, SQL Saturday Detroit on May 17th. This is their second event held in the Motor City. I was happy to attend last year and it’s great to be going back. I’ll be talking about Achieving Compliance in SQL Server. This is a new topic for me. I’ve long been interested in SQL Server security and hardening the database platform. In addition I feel there has been a long gap between the SQL Database world and the Security/GRC/Audit professional community. This is a kind of prelude to some additional talks I will be doing on this thread in the near future in an effort to help bridge that gap.

On June 7th I will be speaking at the Pittsburgh Techfest. This platform agnostic IT Pro event is coming back for a third year. I’ve attended it since it’s inception and it will be great to get back and see some old friends. I’ll be talking on Getting Started with Hadoop. This is a talk that I have been wanting to do for a while and I figured it would be a nice change from the usual SQL Server fare. I’m focusing on HDInsight Server (Hadoop on Azure) because I’m mainly a Microsoft guy so it makes the most sense. I’m planning on mentioning Hortonworks HDP 2.0 Hadoop for customers looking for an onsite install as well.
I hope to see you there if you are attending. Stop by my session and say Hi.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments